Add a NAT Rule to a Firewall Policy

Network address translation (NAT) rules contain a set of criteria against which a network packet is matched for source address translation.

Before you create a NAT rule, create the address lists (and the service, if you plan to match on one) that you want to use as match criteria when you define the rule.
Note

If no match criteria are defined in a NAT rule (or the rule references an empty address list), the rule matches all traffic: the empty criterion acts as a wildcard, not as "match nothing". Check the rule's position in the policy before you save it, because such a rule applies to every packet the firewall examines.

To add a NAT rule to a firewall policy:

    1. On the navigation menu, select Identity & Security. Under Firewalls, select Network Firewall Policies.
    2. Select the firewall policy.
    3. Under Policy resources, select NAT rules.
    4. Select Create NAT rule.
      You can also select Import NAT rules and import NAT rules created as a JSON file. See Import Firewall Policy Components for more details.
    5. In the Name box, enter a name.
    6. In the Description box, enter a description.
    7. Under Match condition, specify whether the rule matches on source addresses, destination addresses, or a service. When you select Select addresses or Select service, choose one of the lists you created earlier. If you haven't created any lists yet, select Create address list or Create service.
    8. Under Rule translation, in the NAT type list, select the type.
    9. (Optional) Review the Translation type list. The translation type is set by the Console and can't be changed here.
    10. Under Rule order, select the position of the rule in relation to other NAT rules in the policy. The firewall applies the NAT rules in the specified order from first to last.
      • First rule in the list
      • Last rule in the list
      • Custom position (available only when the policy already contains another NAT rule). Select Before an existing rule or After an existing rule, then select the rule that the new rule comes before or after.
    11. Select Create NAT rule.

    To delete a NAT rule from a firewall policy, see Delete a Rule from a Firewall Policy.
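The Note above (an empty address list is a wildcard) and the Rule order step (rules apply from first to last) interact: a rule saved with an empty list sits in the ordered policy and captures every packet that reaches it. The following Python model, added here as an illustration and not OCI's own matching engine, evaluates a constructed policy against constructed packets under the assumption that the first matching rule in policy order is the one applied. The rule names, CIDRs and packets are all made up for the example.

```python
"""Model of NAT-rule matching as the page describes it.

Assumptions of this added example (not taken from the OCI documentation):
- rules are evaluated in policy order and the first match is applied;
- a criterion with an empty list (or no list) matches anything, per the Note;
- a service is written as "PROTO/port", for example "TCP/443".
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class NatRule:
    name: str
    source: list = field(default_factory=list)       # CIDRs; empty = any
    destination: list = field(default_factory=list)  # CIDRs; empty = any
    service: list = field(default_factory=list)      # "PROTO/port"; empty = any


def _addr_matches(cidrs, ip):
    """Empty list behaves as a wildcard, exactly the case the Note warns about."""
    if not cidrs:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def _service_matches(services, proto, port):
    if not services:
        return True
    return f"{proto}/{port}" in services


def rule_matches(rule, pkt):
    return (_addr_matches(rule.source, pkt["src"])
            and _addr_matches(rule.destination, pkt["dst"])
            and _service_matches(rule.service, pkt["proto"], pkt["dport"]))


def first_match(rules, pkt):
    """Name of the first rule in policy order that matches the packet, or None."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.name
    return None


def wildcard_rules(rules):
    """Rules with no criteria at all: each one translates every packet it sees."""
    return [r.name for r in rules if not (r.source or r.destination or r.service)]


# Constructed policy: a narrow rule, a rule whose author left its list empty,
# then a narrow rule that is shadowed by the empty one.
POLICY = [
    NatRule("nat-web-egress", source=["10.0.1.0/24"], service=["TCP/443"]),
    NatRule("nat-mgmt", source=[]),  # empty address list: matches everything
    NatRule("nat-db-egress", source=["10.0.2.0/24"], service=["TCP/5432"]),
]

# Constructed packets (documentation address ranges).
SAMPLE_PACKETS = {
    "web": {"src": "10.0.1.25", "dst": "203.0.113.10", "proto": "TCP", "dport": 443},
    "db":  {"src": "10.0.2.7",  "dst": "203.0.113.20", "proto": "TCP", "dport": 5432},
}


def reordered_policy():
    """Same rules with the catch-all moved to the last position."""
    return [POLICY[0], POLICY[2], POLICY[1]]


if __name__ == "__main__":
    for label, pkt in SAMPLE_PACKETS.items():
        print(f"{label}: {first_match(POLICY, pkt)}")
    print("catch-all rules:", wildcard_rules(POLICY))
    print("db after reorder:", first_match(reordered_policy(), SAMPLE_PACKETS["db"]))
```

In the constructed policy the database packet never reaches nat-db-egress because nat-mgmt, with its empty source list, matches first. Moving the catch-all to the last position (or giving it a real address list) restores the intended behaviour; wildcard_rules() is the kind of pre-save check worth running on any exported rule set.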

  • Use the network-firewall nat-rule create command and required parameters to create a NAT rule:

    oci network-firewall nat-rule create --name my_nat_rule \
        --network-firewall-policy-id <network_firewall_policy_OCID> \
        --type NATV4 ...[OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateNatRule operation to create a NAT rule.